
Apache HTTP Server EUVD-2026-35094 | CVE-2026-44119 MEDIUM
Improper Privilege Management (CWE-269)
2026-06-08 apache GHSA-fm8w-r4qw-vq3r
5.5 CVSS 3.1 · Vendor: apache

Severity by source

  • Vendor (apache), primary: 5.5 MEDIUM, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • SUSE: MEDIUM (qualitative)
  • Red Hat: 5.5 MEDIUM (qualitative)

Primary rating from Vendor (apache).

CVSS Vector (Vendor: apache)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

Lifecycle Timeline

  • Jun 09, 2026 13:23 (vuln.today): Analysis generated
  • Jun 09, 2026 13:22 (NVD): CVSS changed, 5.5 (no severity) -> 5.5 (MEDIUM)
  • Jun 08, 2026 15:17 (NVD): CVE published, MEDIUM 5.5
  • Jun 08, 2026 15:17 (NVD): CVE published, UNKNOWN (no severity yet)

Description (CVE.org)

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.

This issue affects Apache HTTP Server through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Analysis (AI)

Improper privilege management (CWE-269) in Apache HTTP Server 2.4.0 through 2.4.67 allows local users who can write .htaccess files into a served directory to read files that the httpd daemon process itself can read, that is, with the daemon's privileges rather than their own. The attack vector is local, requires low privileges, and affects confidentiality only; there is no integrity or availability impact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: obtain a local or web-hosting account with write access to a served directory
  • Delivery: identify an Apache-served directory with AllowOverride enabled
  • Exploit: write a malicious .htaccess containing file-reading directives
  • Execution: send an HTTP request that triggers .htaccess processing
  • Persist: Apache httpd reads the target file under its service-account privileges
  • Impact: attacker retrieves the file contents from the response or the logs

Vulnerability Assessment (AI)

Exploitation: Exploitation requires all of the following: (1) the target runs Apache HTTP Server 2.4.0 through 2.4.67; (2) .htaccess overrides are enabled, that is, the server configuration sets AllowOverride to something other than None for the targeted directory (common on shared hosting but not universal; None has been the default since 2.3.9, so the exposure is usually an explicit choice in the vhost or directory configuration); (3) the attacker holds an authenticated local or web-hosting account with filesystem write access to a directory that the Apache instance serves and for which overrides are enabled. …
Risk Assessment: The CVSS 3.1 score of 5.5 (Medium) reflects a local attack vector (AV:L), low complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and high confidentiality impact with no integrity or availability impact (C:H/I:N/A:N). …
Exploit Scenario: A local user on a shared web-hosting platform with write access to a web-served directory crafts a .htaccess file containing directives (the advisory does not say which) that cause the httpd process to read and surface the contents of files the attacker cannot read directly but the httpd service account can: for example, application database credentials, private TLS keys stored in paths readable by the daemon, or OS-level files readable by the httpd account. The attacker then sends an HTTP request to the directory, causing Apache to process the malicious .htaccess and return or log the targeted file contents. What can be read is bounded by the httpd account's filesystem permissions, which is why running httpd as a dedicated low-privilege user and keeping secrets unreadable to it limits the impact. …
Remediation: Upgrade to Apache HTTP Server 2.4.68, which contains the vendor-released fix per the official Apache security advisory at https://httpd.apache.org/security/vulnerabilities_24.html. Until the upgrade is in place, the precondition in (2) above can be removed by setting AllowOverride None (and leaving AllowOverrideList at None) for every directory writable by untrusted users, since httpd then does not process .htaccess files in those directories at all. …
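A quick audit of the two preconditions named above (an affected build, and a served directory with AllowOverride enabled), written here as an added example in Python; it is not code from the Apache project, the advisory, or this page. It assumes you can obtain `httpd -v` output and the text of the relevant httpd configuration; the version string and both <Directory> fragments below are constructed samples (a weak shared-hosting layout and the same directories with overrides turned off), and the helper names (parse_httpd_version, is_affected, overridable_directories, audit) are mine.

```python
"""Audit the two preconditions the assessment names: an httpd build at
2.4.67 or earlier, and a served directory with AllowOverride enabled.
Added example; not code from the Apache project or from this page.
The version string and both config fragments below are constructed."""
import re
from typing import List, Tuple

# First fixed release, as stated in the advisory text on this page.
FIXED_VERSION = (2, 4, 68)


def parse_httpd_version(text: str) -> Tuple[int, int, int]:
    """Pull x.y.z out of `httpd -v` output such as
    'Server version: Apache/2.4.67 (Unix)'. Raises ValueError if absent."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no Apache/x.y.z version string found")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True for any 2.4.x release below 2.4.68 ('2.4.67 and earlier').
    Other release series are outside this advisory and return False."""
    return version[:2] == (2, 4) and version < FIXED_VERSION


_DIR_OPEN = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.I)
_DIR_CLOSE = re.compile(r"^</Directory>$", re.I)
# AllowOverrideList can re-enable individual directives even when
# AllowOverride is None, so both directives are inspected.
_OVERRIDE = re.compile(r"^(AllowOverride|AllowOverrideList)\s+(.+?)$", re.I)


def overridable_directories(config_text: str) -> List[Tuple[str, str, str]]:
    """Return (directory, directive, value) for each <Directory> block that
    sets AllowOverride or AllowOverrideList to anything other than None.
    Comment lines are skipped. Caveat: only explicit settings are reported;
    httpd merges settings from enclosing paths (a block for /var/www applies
    to /var/www/site unless overridden), and <DirectoryMatch> and Include'd
    files are not followed, so an empty result is necessary, not sufficient,
    evidence that .htaccess processing is off."""
    found: List[Tuple[str, str, str]] = []
    current = None  # path of the <Directory> block being read, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIR_OPEN.match(line)
        if m:
            current = m.group(1)
            continue
        if _DIR_CLOSE.match(line):
            current = None
            continue
        m = _OVERRIDE.match(line)
        if m and current is not None:
            directive, value = m.group(1), m.group(2).strip()
            if value.lower() != "none":
                found.append((current, directive, value))
    return found


def audit(version_text: str, config_text: str) -> dict:
    """Combine both checks into one verdict for a host: the .htaccess route
    described on this page needs an affected build AND an overridable dir."""
    version = parse_httpd_version(version_text)
    overrides = overridable_directories(config_text)
    return {
        "version": version,
        "affected_version": is_affected(version),
        "overridable": overrides,
        "exposed": is_affected(version) and bool(overrides),
    }


# Constructed sample: a shared-hosting layout that leaves overrides on.
WEAK_CONFIG = """\
# customers may drop .htaccess files in their docroots
<Directory "/var/www/vhosts/customer1/htdocs">
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>
<Directory "/var/www/vhosts/customer2/htdocs">
    AllowOverride None
    AllowOverrideList Redirect RedirectMatch
    Require all granted
</Directory>
"""

# Constructed sample: the same directories with .htaccess processing off.
HARDENED_CONFIG = """\
<Directory "/var/www/vhosts/customer1/htdocs">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/vhosts/customer2/htdocs">
    AllowOverride None
    Require all granted
</Directory>
"""

# Constructed sample of `httpd -v` output from an unpatched build.
SAMPLE_VERSION_OUTPUT = "Server version: Apache/2.4.67 (Unix)\nServer built:   Jun  1 2026"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(SAMPLE_VERSION_OUTPUT, cfg))
```

Run it against the real inputs (`httpd -v` or `apachectl -V` for the version; the main httpd.conf plus every file it Include's for the directories). Directories in the result that are writable by untrusted users are the ones to set to AllowOverride None until 2.4.68 is installed; remember that a directory with no explicit setting inherits from the nearest ancestor <Directory> block, so check those too.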


Vendor Status

SUSE (severity: Medium)

Product status:
  • SUSE Linux Enterprise Desktop 15 SP7: Fixed
  • SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
  • SUSE Linux Enterprise Module for Basesystem 15 SP7: Fixed
  • SUSE Linux Enterprise Module for Package Hub 15 SP7: Fixed
  • SUSE Linux Enterprise Module for Server Applications 15 SP7: Fixed
